Risk Management White Papers

Risk Management is the process of measuring or assessing risk and developing strategies to manage it. Strategies include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk. Traditional risk management focuses on risks stemming from physical or legal causes.

This whitepaper asserts that moving to the next generation of software development and sourcing requires moving from art to science. Given how dependent we are on software as a foundation for every product and service, anything less creates a climate of risk, uncertainty, and unjustifiable costs that undermines our ability to compete in a global marketplace.

In the construction industry, as in business generally, risk management involves identifying risks, assessing them and then developing strategies to manage them. Organizations that manage risk well enjoy financial savings, greater productivity and service quality, improved success rates of new projects and better decision making. It is clear that, in today's complex business environment, risk factors are wide reaching, and are intrinsically linked to achieving organizational objectives.

According to the results of Actimize's 2007 Employee Fraud survey, which was managed by Infosurv, an independent research company, financial services institutions know that they have a significant and growing problem with employee fraud and are not fully prepared to handle the threat as attacks from organized crime, dissatisfied staff and financially distressed employees become more sophisticated.

Due to the numerous upgrades that will be needed to both software systems and manual processes, health care providers must begin preparing now. Those who do not take steps immediately put the stability and financial health of their private practice at risk.

Financial services companies have been the target of a serious, sustained, and well-funded DDoS campaign for more than a year. What these attacks have continued to demonstrate is that DDoS will continue to be a popular and increasingly complex attack vector. DDoS is no longer simply a network issue, but is increasingly a feature or additional aspect of other advanced targeted attacks. The motivation of modern attackers can be singular, but the threat landscape continues to become more complex and mixes various threats to increase the likelihood of success. There have certainly been cases where the MSSP was successful at mitigating an attack but the target Website still went down due to corruption of the underlying application and data. In order to defend networks today, enterprises need to deploy DDoS security in multiple layers, from the perimeter of their network to the provider cloud, and ensure that on-premise equipment can work in harmony with provider networks for effective and robust attack mitigation.

Today’s hosting provider can increase revenue by capitalizing on the growing demand of business customers for hosted online operations—provided, of course, that it can safeguard these critical operations against DDoS-related outages. Using the simple, step-by-step approach described in this paper, providers can model the financial impact of a DDoS attack on their operations and calculate the ROI of an effective DDoS defense solution.

Whether you’re implementing new technologies, upgrading existing infrastructure or evaluating current needs, consultants can help you identify and document the gap between your current situation and a desired future state. When an assessment is done correctly, it can provide a solid foundation for successful implementation and improvement. The consultant first interviews stakeholders, analyzes data, and compares your business against best practices or specific industry competitors.

Laptops, USB devices, and other endpoint devices foster a flexible and more productive work environment, yet also increase a company's exposure to the loss or theft of critical information. Avalere inventories, protects, and controls your company’s laptop, desktop or removable storage device information to mitigate risks of lost or stolen equipment.

User access-related business risk comprises a broad array of potentially damaging events that may be caused or made possible by inadequate governance of access to an enterprise’s information assets. Such events range from relatively minor policy and compliance violations to disastrous business losses. The stakes involved in access-related risk have risen dramatically in recent years as organizations have become thoroughly operationalized by technology.

Every large enterprise has employees who need some level of access to its critical information resources, and many also provide a wide variety of types and levels of access to contractors, partners, vendors, and customers. Each of these points of access represents a source of potential business and compliance risk.

Although roles-based access control (RBAC) has been the subject of much interest in the past, experience with it has been mostly disappointing. The challenge of discovering established roles, defining new roles according to business need, connecting roles properly to the IT infrastructure, ensuring that they meet all compliance requirements, and managing roles through their natural lifecycles has, until now, proved to be too complicated and cumbersome to be practical.

Most organizations must comply with multiple standards covering privacy, corporate financial data, Protected Health Information and credit card data. Fortunately, the overlapping standards agree on a single concept: implementing appropriate security controls to protect information from improper disclosure.
However, GRC requirements do not exist in a vacuum. Organizational objectives must also be supported. Critical functions can be disrupted if business needs are not considered when establishing compliance activities. In addition, providing evidence that the appropriate controls are in place and enforced is a requirement of any audit. Investing in selecting the right policies, controls and solutions leads to more successful audits and security that is more reliable.

This new eBook explains how a single, positive security solution, such as Bit9, facilitates the convergence of compliance and security—one agent that provides visibility, detection, response and protection and can automate and manage compliance for PCI-DSS, SOX, HIPAA, FISMA, GLBA, GPG 13, NERC CIP and other regulations.

For enterprises, relying on perimeter defenses as well as traditional endpoint protection is no longer suitable to combat today’s threats. There is a good reason for that, since solutions including signature-based antivirus have not kept pace in combating advanced threats or zero-day attacks, leaving devices defenseless.

In October 2013, Bit9 conducted its third-annual survey on server security. In the past year, the inability to detect or stop advanced attacks has remained a constant challenge for enterprises. This survey was designed to analyze these challenges from respondents who are responsible for their organization’s security posture.

The healthcare industry has benefited from the breakneck pace of digitization - spanning everything from payments to patient records to X-ray film - but it has also been increasingly exposed to greater risk. Efforts to increase healthcare provider productivity via increased digitization and system interconnectivity have to be counterbalanced against the growing concerns for patient privacy and a backdrop of increasing liability.

Changing or consolidating job schedulers may seem daunting. However, the benefits of switching to enterprise workload automation outweigh the risks.

This Executive Brief discusses IDC's perspective on how enterprise workload management requirements are changing and highlights the ways that workload automation solutions can address these emerging requirements.